|Network Security Consulting SecurityFocus Article
Apple Shutters Flaws In QuickTime, IPhone
Apple released updates on Wednesday for both its QuickTime multimedia player and its popular iPhone, closing some serious security holes.
The QuickTime patch, which updates the software to version 7.6.4, fixes three vulnerabilities in the way the multimedia players handles different video formats, including H.264 and MPEG-4 files. The patch also squashes a fourth security bug in the program's handling of FlashPix files. All four of the vulnerabilities could allow an attacker to run code on a targeted computer by creating a specially crafted media file, Apple stated in its advisory.
The patch of the company's popular iPhone, which updates the mobile device's operating system to 3.1, fixes 10 security issues, two of which could allow an attacker to execute code on a victim's device. The mobile phone's browser accounts for four of the flaws, including an issue that could disclose usernames and passwords to certain Web sites and a flaw in International Domain Name (IDN) support which allows characters that could allow an attacker to create a URL which contains look-alike characters, Apple said in its advisory.
On Thursday, the U.S. Computer Emergency Readiness Team (US-CERT) recommended that Mac and iPhone users upgrade their systems as soon as possible.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos